WordPress username leak

 WordPress author permalink displays username (instead of nickname)

WordPress distinguishes between username and nickname (username for login, nickname for display).

If you click on the author link below a post, you will be redirected to a page (permalink) that seems to be:
which is odd, as it really should be
Well, actually, it is neither username nor nickname but user_nicename from your WordPress user table (which seems to be set to the username by default).

So if you do not want to let people know about your username change user_nicename in your database (e.g. to the nickname you set in WordPress).

This is not a mayor security issue (not even a minor one, really), but it did annoy me as it does leak information without any need for it. And the decision of WordPress to distinguish between nick- and username clearly shows that they thought about it as well. They just did not enforce it everywhere.

Related Posts:

Leave a Reply

Your email address will not be published.